CVE-2019-10184

high

Description

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api.

References

https://security.netapp.com/advisory/ntap-20220210-0016/

https://github.com/undertow-io/undertow/pull/794

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10184

https://access.redhat.com/errata/RHSA-2020:0727

https://access.redhat.com/errata/RHSA-2019:3050

https://access.redhat.com/errata/RHSA-2019:3046

https://access.redhat.com/errata/RHSA-2019:3045

https://access.redhat.com/errata/RHSA-2019:3044

https://access.redhat.com/errata/RHSA-2019:2998

https://access.redhat.com/errata/RHSA-2019:2938

https://access.redhat.com/errata/RHSA-2019:2937

https://access.redhat.com/errata/RHSA-2019:2936

https://access.redhat.com/errata/RHSA-2019:2935

Details

Source: Mitre, NVD

Published: 2019-07-25

Updated: 2022-02-20

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Severity: High

Detections

Analytics